#!/usr/bin/perl
#
# Module: vyatta-show-ipsec-status.pl
#
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Mohit Mehta
# Date: March 2010
# Description: vpn ipsec status
#
# **** End License ****
#

use Getopt::Long;
use POSIX;

use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
use Vyatta::Misc;

use warnings;
use strict;

# Return the interface names configured under
# "vpn ipsec ipsec-interfaces interface", read from the original (active)
# configuration and sorted by name.  Yields an empty list when none are
# configured.
sub get_vpn_intfs {
  my $cfg = Vyatta::Config->new();
  $cfg->setLevel('vpn ipsec');
  my @intfs = $cfg->returnOrigValues('ipsec-interfaces interface');
  return sort @intfs;
}

# Collect one local address per configured "vpn ipsec site-to-site peer",
# in the order listOrigNodes returns the peers.  A peer with an explicit
# local-address contributes that value; a peer that instead names a
# dhcp-interface contributes the first IPv4 address getIP reports for that
# interface, with anything after a "/" dropped; a peer with neither
# contributes a single space so the returned list stays one entry per peer.
sub get_vpn_all_localips {
  my $cfg = Vyatta::Config->new();
  $cfg->setLevel('vpn ipsec site-to-site');
  my @addrs;
  for my $peer ($cfg->listOrigNodes('peer')) {
    my $addr = $cfg->returnOrigValue("peer $peer local-address");
    unless (defined $addr) {
      my $dhcp_if = $cfg->returnOrigValue("peer $peer dhcp-interface");
      if (defined $dhcp_if) {
        my ($first) = Vyatta::Misc::getIP($dhcp_if, 4);
        # Keep only the address part; a "/prefix" suffix, if present, is cut.
        $addr = (split m{/}, $first)[0] if defined $first;
      }
      # Placeholder for "no local address known" (never matches a real IP).
      $addr = ' ' unless defined $addr;
    }
    push @addrs, $addr;
  }
  return @addrs;
}

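# Print one line per configured IPsec interface: a tab, the interface name,
# a tab, then in parentheses the peer local-address that is assigned to that
# interface, or an explanatory note when none of the interface's IPv4
# addresses is configured as a local-address for any peer.  An interface
# with no IPv4 address prints "( )".  Prints nothing when no IPsec
# interfaces are configured.
sub relate_intfs_with_localips {
  my @vpn_intfs     = get_vpn_intfs();
  my @peer_localips = get_vpn_all_localips();

  for my $intf (@vpn_intfs) {
    print "\t$intf\t";
    my @intf_ips = Vyatta::Misc::getIP($intf, 4);
    if (@intf_ips) {
      my $matched;
      for my $local_ip (@peer_localips) {
        # Compare the address part exactly.  The local-address comes from
        # the configuration, so it is quoted (\Q..\E) rather than treated as
        # a pattern (unescaped dots would match any character), and it must
        # be followed by "/" or the end of the string so that 10.0.0.1 does
        # not match an interface address of 10.0.0.10/24.
        if (grep { m{\A\Q$local_ip\E(?:/|\z)} } @intf_ips) {
          $matched = $local_ip;
          last;
        }
      }
      if (defined $matched) {
        print "($matched)";
      } else {
        print "(no IP on interface statically configured as local-ip for any VPN peer)";
      }
    } else {
      print "( )";
    }
    # Terminate the line for every interface, including those with no IPv4
    # address, so the next interface starts on its own line.
    print "\n";
  }
}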

#
# main
#

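# PID of the IKE daemon (charon), read via sudo because the pid file is not
# expected to be readable by the invoking user.  The command string is
# fixed (nothing user-controlled is interpolated), so there is no shell
# injection surface here; a missing or unreadable pid file yields an empty
# string, which is printed as-is.
my $process_id = `sudo cat /var/run/charon.pid`;
chomp $process_id;

# Number of established SAs, taken from the strongSwan "ipsec status"
# summary line (the regex expects "(N up" on the line matched by the grep).
# When no such line is present -- daemon not running, or the output format
# changed -- report 0 instead of an uninitialized value.
my $sa_summary = `sudo ipsec status 2>/dev/null | grep "Security Associations" `;
my ($active_tunnels) = $sa_summary =~ /\((.*?) up/;
$active_tunnels = 0 unless defined $active_tunnels;
chomp $active_tunnels;

print "IPSec Process Running PID: $process_id\n";
print "\n$active_tunnels Active IPsec Tunnels\n";
print "\nIPsec Interfaces :\n";
# relate_intfs_with_localips() reads the interface and peer lists itself, so
# they are not fetched here.
relate_intfs_with_localips();

exit 0;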

# end of file